Hello,
I am trying to reply to the following message. I hope I am doing this right.
I have a question about running Vagrant in Gentoo.I am running Debian
Wheezy on two of my computers, but the one that I want to use to test
Devaun is running Gentoo. When I go to the website that is linked below t
dear hellekin,
On Sat, 07 Mar 2015, hellekin wrote:
> On 03/06/15 22:11, Jaromil wrote:
> >
> > vagrant init jaromil/devuan-alpha-i386
> >
> *** Nice. Can you add libvirt and/or lxc providers?
Ok! I'll keep that in mind for the next release.
Meanwhile one can install it using apt-get of cou
Just want to say that I'm very glad that some of you are interested in
producing a grsecurity-based hardened system. When it comes to security,
I'm about as paranoid as they come. I've even decided to throw out my new
UEFI motherboard for a Supermicro server board which has BIOS firmware,
because I
dear Neo Futur and other members of the Devuan hardening team:
please consider the Alpha release series a minimal base you can use to
start working on the kernel patches, building them and testing them.
In fact, this release series is mostly intended to receive feedback from
developers and adjust
On Sat, Mar 07, 2015 at 03:59:51AM -0500, JeremyBekka C wrote:
> Hello,
>
> I am trying to reply to the following message. I hope I am doing this right.
>
> I have a question about running Vagrant in Gentoo.I am running Debian
> Wheezy on two of my computers, but the one that I want to use to tes
I am not sure I follow - is the plan for Devuan to be default
hardened/grsec, or is it supposed to be an optional choice somehow? As was
already pointed out, java won't run. Lots and lots of server workloads run
Java
On 7 March 2015 at 12:42, Jaromil wrote:
>
> dear Neo Futur and other membe
On Fri, Mar 06, 2015 at 08:33:20PM +0100, Jaromil wrote:
>
> dear Miroslav,
>
> On Fri, 06 Mar 2015, miroslav.rov...@zg.ht.hr wrote:
>
> > I hope to be able to continue my Grsecurity/Pax Deployment in Devuan for
> > the Newbies (or of a similar title), like I did in Debian Forums (see my
> > fir
On Fri, Mar 6, 2015 at 7:06 PM, T.J. Duchene wrote:
>
> If someone has issue with the code, it's open. Go look for yourself. I beg
> everyone's kind indulgence and excuse me for saying this, but the conspiracy
> theories about Google and the Chromium source code come from people who have
> never
Maybe it's just me but I don't understand what you're contemplating.
Why do you think Devuan should use a more complicated set of suites than
Debian?
Ceres is aliased to `sid`, so it's not testing, but unstable. The way
Debian handles testing, code freezes, etc. is not 1:1 with Devuan (or so
I h
On 03/07/15 05:59, JeremyBekka C wrote:
>
> how can I get Vagrant to run in Gentoo?
>
*** As mentioned at [0], the way to go is to install it using Rubygems.
https://git.devuan.org/devuan/devuan-project/wikis/try-devuan-on-vagrant
==
hk
--
_ _ We are free to share code and we code to shar
On 03/06/15 20:27, Adam Borowski wrote:
>
> It looks like Knock breaks everything TCP SQN is used for.
>
*** You obviously didn't read the paper and are happily FUDing like it's
Pearl Harbor. Knock only changes the Initial Sequence Number of the TCP
packet, overriding the default MD5 hash used i
Am 04.03.2015 um 23:10 schrieb Robert Storey :
> Just want to say that I really like this idea of naming releases after minor
> planets, such as Ceres. It's a way cool idea.
Cool yes, but useful? Numbers have the huge advantage that everybody knows
their order, which is quite important when ref
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 03/07/2015 11:16 AM, Klaus Hartnegg wrote:
> Am 04.03.2015 um 23:10 schrieb Robert Storey :
>
>> Just want to say that I really like this idea of naming releases after minor
>> planets, such as Ceres. It's a way cool idea.
>
> Cool yes, but use
On 7 March 2015 15:48:18 CET, hellekin wrote:
>On 03/07/15 05:59, JeremyBekka C wrote:
>>
>> how can I get Vagrant to run in Gentoo?
>>
>*** As mentioned at [0], the way to go is to install it using Rubygems.
>
>https://git.devuan.org/devuan/devuan-project/wikis/try-devuan-on-vagrant
yep. And
On Sat, Mar 7, 2015 at 4:16 PM, Klaus Hartnegg wrote:
>> Just want to say that I really like this idea of naming releases after minor
>> planets, such as Ceres. It's a way cool idea.
+1
> Cool yes, but useful? Numbers have the huge advantage that everybody knows
> their order, which is quite i
> "Go look at the code, it's open" is a common "argument" i hear from
> pro-systemd advocates. Curious. About looking at the code: have you
> personally audited chrome's code, top to bottom, OpenBSD-style? 'Cos if you
> haven't - it is a big piece of software -, well your argument is moot
Nu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/07/2015 06:49 PM, Jaromil wrote:
>
> yep. And I for one will be doing everything possible to have
> third-party packaging systems like gem, pip, composer and others
> supported and preferred in Devuan. This is something that Debian
> has been fi
On Fri, Mar 06, 2015 at 08:44:31PM +0100, Stefan Ott wrote:
> On 03/06/2015 08:06 PM, T.J. Duchene wrote:
> >
> > That said, the reason I suggested Chromium as an alternative to
> > Firefox is that essentially a better piece of software. It has
> > better features, better support for Web standards
On 03/07/15 14:21, william moss wrote:
>
>> Cool yes, but useful? Numbers have the huge advantage that everybody knows
>> their order, which is quite important when referring to versions.
>
*** Release *NAMES* never replaced version numbers.
Hence Debian 8 "Jessie" and Devuan 1.0 "Jessie".
==
hk
Am 07.03.2015 um 19:31 schrieb hellekin:
On 03/07/15 14:21, william moss wrote:
Cool yes, but useful? Numbers have the huge advantage that everybody knows
their order, which is quite important when referring to versions.
*** Release *NAMES* never replaced version numbers.
Hence Debian 8 "J
Iep!
In my opinion, more than aggressive, the monkey is a punk. In the way of
the underground comics (as Fritz the Cat or Transmetropolitan).
Satirical, iconoclast... But, yes, the tone of the cartoons may not be
the most appropriate for the project.
I appreciate the replies.
Salud!
Xiep
>> https://lists.debian.org/debian-security-announce/2015/msg00031.html
>I think ^THIS is probably the biggest reason not to use Chromium.
>Never mind whether it's affiliated with Google or whether that makes it
untrustworthy.
>If you can't keep it updated for the full lifetime of the release,
On Sat, Mar 07, 2015 at 02:19:43PM -0600, T.J. Duchene wrote:
>
>
> >> https://lists.debian.org/debian-security-announce/2015/msg00031.html
>
> >I think ^THIS is probably the biggest reason not to use Chromium.
>
> >Never mind whether it's affiliated with Google or whether that makes it
> untr
Just to clarify... *Java will run* with a grsecurity hardened kernel,
with pax enabled. It just needs mprotect disabled for the specific
programs that need it disabled. (and also many other things need this...
python, kdeinit4, skype, kscreenlocker_greet, thunderbird, firefox,
plugin-container, gdb
>Iceweasel and Chromium are both updated to the upstream-supported version
periodically (when the current version is no longer supported).
>The amount of churn between versions and the number of versions means that
it would be very difficult to backport patches.
Yes, certainly. My point was the
>>> Just want to say that I really like this idea of naming releases after
minor planets, such as Ceres. It's a way cool idea.
>> Cool yes, but useful? Numbers have the huge advantage that everybody
knows their order, which is quite important when referring to versions.
> Most people will want th
On Sat, Mar 07, 2015 at 06:49:34PM +0100, Jaromil wrote:
>
>
> On 7 March 2015 15:48:18 CET, hellekin wrote:
> >On 03/07/15 05:59, JeremyBekka C wrote:
> >>
> >> how can I get Vagrant to run in Gentoo?
> >>
> >*** As mentioned at [0], the way to go is to install it using Rubygems.
> >
> >https:
* On 2015 07 Mar 16:29 -0600, T.J. Duchene wrote:
>
> > Iceweasel and Chromium are both updated to the upstream-supported
> > version periodically (when the current version is no longer
> > supported). The amount of churn between versions and the number of
> > versions means that it would be very
On Sat, 7 Mar 2015 02:11:35 +0100
Jaromil wrote:
>
> Hi all,
>
> This is the initial release of the Alpha series, base-system stripped
> at minimum and distributed in Vagrant format (virtualbox provider),
> to make the life of developers working on core components as vdev
> easier.
>
> Vagrant
yes with grsec you can allow stack exec if you dont think its a security flaw
I just said "as a default" :
>* shipping the kernel with warnings that, as a default, java wont work
>with a secure kernel, and possibly any other graphical applications
>doing dirty stuff with memory ( buffer overflow
apt-get install linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') virtualbox
On 8 March 2015 at 03:39, Steve Litt wrote:
> On Sat, 7 Mar 2015 02:11:35 +0100
> Jaromil wrote:
>
> >
> > Hi all,
> >
> > This is the initial release of the Alpha series, base-system stripped
> > at minimum and distri
> Just to clarify... *Java will run* with a grsecurity hardened kernel,
> with pax enabled. It just needs mprotect disabled for the specific programs
> that need it disabled. (and also many other things need this... python,
> kdeinit4, skype, kscreenlocker_greet, thunderbird, firefox,
> plugin-con
> cool, thanks! I think it would be important that packages that have an issue
> running under grsec all do what they need to do on installation to make sure
> the correct configs are in place to actually work under grsec. This is often
> left out, making proper security expensive and difficult to
> lets be clear, you d have to check for each and every new version of
> each and every binary you ship to add this "allowed to skack exec or
> whatever other dirty memory trick" flag whenever the upstream added a
> bug or a backdoor.
also automatically adding this flag everywhere completely de
34 matches
Mail list logo
